Menu
Forums
All threads
Latest threads
New posts
Trending threads
New posts
Search forums
Trending
What's new
New posts
New profile posts
Latest activity
Members
Current visitors
New profile posts
Search profile posts
Upgrades
Log in
Register
What's new
Search
Search
Search titles only
By:
All threads
Latest threads
New posts
Trending threads
New posts
Search forums
Menu
Log in
Register
Navigation
Install the app
Install
More options
Contact us
Close Menu
Forums
Software Development
Programming
Programming Q&A
PHP - Need API w/ Authentication
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Reply to thread
Message
<blockquote data-quote="RastaLulz" data-source="post: 465907" data-attributes="member: 1"><p>Quite the broad question you have there.</p><p></p><p>I guess it really depends on what your desired outcome is. If it's a one off thing, and you don't really care (as long it's secure), then it really doesn't matter how you achieve it.</p><p></p><p>However, if your goal is to create an API that is <a href="https://en.wikipedia.org/wiki/Representational_state_transfer" target="_blank">RESTful</a>, and would be more familiar to your average developer, then there's room for improvement.</p><p></p><p>Pre-requisites:</p><ul> <li data-xf-list-type="ul"><a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods" target="_blank">HTTP Request Methods</a></li> <li data-xf-list-type="ul"><a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Status" target="_blank">HTTP Status Codes</a></li> <li data-xf-list-type="ul"><a href="https://en.wikipedia.org/wiki/Query_string" target="_blank">Query String</a></li> </ul><p></p><p>Additionally, I'd recommend installing a client like <a href="https://www.postman.com/" target="_blank">Postman</a>, that will allow you to interact with your API, if you haven't already.</p><p></p><p>Anyways, I assume the phone number comes from some table in the database? Let's assume it's the [ICODE]users[/ICODE] table.</p><p></p><p>Here's what your HTTP request might look like:</p><p>[CODE]GET /users?phone_number=8675309</p><p>Host: example.com</p><p>Authorization: YOUR_AUTH_TOKEN</p><p>[/CODE]</p><p></p><p>Which would return something like this:</p><p>[CODE="json"]{</p><p> "meta": {</p><p> "total": 1</p><p> },</p><p> "items": [</p><p> {</p><p> "id": 1,</p><p> "name": "John Doe",</p><p> "phone_number": "8675309"</p><p> },</p><p> ],</p><p>}[/CODE]</p><p></p><p>So what this allows you to do is query for all [ICODE]users[/ICODE] with the specific phone number you're looking for, and can validate whether it has been used or not based on [ICODE]meta.total[/ICODE] in the response. Then if you have any other need for accessing [ICODE]users[/ICODE], you already have an endpoint setup. Also, you'll see that [ICODE]Authorization[/ICODE] would be sent as a [ICODE]header[/ICODE] in the HTTP request, which you validate server side, and if it passes, you'd serve the content. If the [ICODE]Authorization[/ICODE] header if invalid, you'd respond with a [ICODE]401[/ICODE] status code.</p><p></p><p>Hopefully that's inline with what you're attempting to do, and gives you some direction.</p></blockquote><p></p>
[QUOTE="RastaLulz, post: 465907, member: 1"] Quite the broad question you have there. I guess it really depends on what your desired outcome is. If it's a one off thing, and you don't really care (as long it's secure), then it really doesn't matter how you achieve it. However, if your goal is to create an API that is [URL="https://en.wikipedia.org/wiki/Representational_state_transfer"]RESTful[/URL], and would be more familiar to your average developer, then there's room for improvement. Pre-requisites: [LIST] [*][URL="https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods"]HTTP Request Methods[/URL] [*][URL="https://developer.mozilla.org/en-US/docs/Web/HTTP/Status"]HTTP Status Codes[/URL] [*][URL="https://en.wikipedia.org/wiki/Query_string"]Query String[/URL] [/LIST] Additionally, I'd recommend installing a client like [URL="https://www.postman.com/"]Postman[/URL], that will allow you to interact with your API, if you haven't already. Anyways, I assume the phone number comes from some table in the database? Let's assume it's the [ICODE]users[/ICODE] table. Here's what your HTTP request might look like: [CODE]GET /users?phone_number=8675309 Host: example.com Authorization: YOUR_AUTH_TOKEN [/CODE] Which would return something like this: [CODE="json"]{ "meta": { "total": 1 }, "items": [ { "id": 1, "name": "John Doe", "phone_number": "8675309" }, ], }[/CODE] So what this allows you to do is query for all [ICODE]users[/ICODE] with the specific phone number you're looking for, and can validate whether it has been used or not based on [ICODE]meta.total[/ICODE] in the response. Then if you have any other need for accessing [ICODE]users[/ICODE], you already have an endpoint setup. Also, you'll see that [ICODE]Authorization[/ICODE] would be sent as a [ICODE]header[/ICODE] in the HTTP request, which you validate server side, and if it passes, you'd serve the content. If the [ICODE]Authorization[/ICODE] header if invalid, you'd respond with a [ICODE]401[/ICODE] status code. Hopefully that's inline with what you're attempting to do, and gives you some direction. [/QUOTE]
Insert quotes…
Verification
Post reply
Forums
Software Development
Programming
Programming Q&A
PHP - Need API w/ Authentication
Top